Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 05 April 2024
Black Arrow Cyber Threat Intelligence Briefing 05 April 2024:
-Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns
-Ransomware Incidents Reported to UK Financial Regulator Doubled
-Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023
-Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023
-AI Abuse and Misinformation Campaigns Threaten Financial Institutions
-Security Teams are ‘Overconfident’ About Handling Next-Gen Threats
-AI Makes Phishing Attacks Accessible to Basic Users
-Cyber Attacks Wreaking Physical Disruption on the Rise
-73% Brace for Cyber Security Impact on Business in Next Two Years
-To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset
-Cyber Security Imperative for Protecting Executives
-The Increasing Role of Cyber Security Experts in Complex Legal Disputes
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns
According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.
Sources: [Help Net Security ] [Dark Reading]
Ransomware Incidents Reported to UK Financial Regulator Doubled
The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.
Sources: [Digital Journal] [Digital Journal]
Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023
According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.
A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.
To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.
Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]
Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023
According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.
The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.
Sources: [Infosecurity Magazine] [Infosecurity Magazine]
AI Abuse and Misinformation Campaigns Threaten Financial Institutions
According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.
Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”
Source: [Help Net Security]
Security Teams are ‘Overconfident’ About Handling Next-Gen Threats
In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.
Source: [CSO Online]
AI Makes Phishing Attacks Accessible to Basic Users
One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.
Source: [The Economic Times]
Cyber Attacks Wreaking Physical Disruption on the Rise
According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.
Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.
Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.
Source: [Dark Reading]
73% Brace for Cyber Security Impact on Business in Next Two Years
A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.
Source: [Help Net Security]
To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset
2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.
Source: [IBTimes]
Cyber Security Imperative for Protecting Executives
The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.
Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.
Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.
Source: [Forbes]
The Increasing Role of Cyber Security Experts in Complex Legal Disputes
Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.
Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.
Source: [JDSupra]
Governance, Risk and Compliance
Ransomware incidents reported to UK financial regulator have doubled - Digital Journal
AI abuse and misinformation campaigns threaten financial institutions - Help Net Security
The Big Question: Are SMEs now at the forefront of cyber risks? - Emerging Risks Media Ltd
Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week
Security teams are ‘overconfident’ about handling next-gen threats | CSO Online
Banks told to expand risk management to cover AI (finextra.com)
Corporations With Cyber Governance Create 4X More Value (darkreading.com)
Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ
73% brace for cyber security impact on business in the next year or two - Help Net Security
Businesses overestimating their skills amid cyber security crisis, survey reveals (holyrood.com)
Why your data isn’t as safe as you think and what it could cost you - IT Security Guru
Unspoken Battle: Cyber Security Imperative For Protecting Executives (forbes.com)
Businesses must prioritise prevention to lock out online threats (yahoo.com)
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Lessons from the World's Costliest Corporate Cyber Attacks - Management Today
Three trends set to drive cyber attacks in 2024 (networkingplus.co.uk)
Why Cyber Security Is a Whole-of-Society Issue (darkreading.com)
Instilling the Hacker Mindset Organisationwide (darkreading.com)
How CISOs Can Make Cyber Security a Long-Term Priority for Boards (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Cyber security incidences surge in the UK financial services sector - Digital Journal
Ransomware attacks rise by 46% in February 2024, finds NCC Group (securitybrief.co.nz)
RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Trend Micro: LockBit ransomware gang's comeback is failing | TechTarget
Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)
Ransomware Victims
Ransomware attacks ravaged municipal governments in March | TechTarget
NHS Scotland confirms ransomware attackers leaked patients' data - Help Net Security
Yacht retailer MarineMax discloses data breach after cyber attack (bleepingcomputer.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Ransomware gang leaks UK city council’s confidential files • The Register
Omni Hotels confirms cyber attack behind ongoing IT outage (bleepingcomputer.com)
World’s second-largest lens-maker blinded by cyber incident • The Register
Phishing & Email Based Attacks
This new phishing attack targets iPhone and Android alike via RCS | TechRadar
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
$1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)
Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff – POLITICO
Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)
Phishing Attacks Targeting Political Parties, Germany Warns (govinfosecurity.com)
A phish by any other name should still not be clicked – Computerworld
Google now blocks spoofed emails for better phishing protection (bleepingcomputer.com)
New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware (thehackernews.com)
Microsoft Teams phishing attacks and how to prevent them | TechTarget
Artificial Intelligence
Banks told to expand risk management to cover AI (finextra.com)
AI abuse and misinformation campaigns threaten financial institutions - Help Net Security
22% of employees admit to breaching company rules with GenAI - Help Net Security
6 Prompts You Don't Want Employees Putting in Microsoft Copilot (bleepingcomputer.com)
Microsoft Copilot Blocked on US Congress Devices Over Security Concerns | Cryptopolitan
Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)
Microsoft Announces New Safety System to Filter Malicious AI Output | Extremetech
Microsoft GM on AI and elections: 'There will be fakes' • The Register
The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)
Chinese hackers turn to AI to meddle in elections | CyberScoop
Security and AI occupy SME thoughts | Microscope (computerweekly.com)
Malware
Escalating malware tactics drive global cyber crime epidemic - Help Net Security
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)
TheMoon Malware Rises Again with Malicious Botnet for Hire (darkreading.com)
Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (thehackernews.com)
Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (thehackernews.com)
Botnets: The uninvited guests that just won’t leave | CSO Online
Detecting Windows-based Malware Through Better Visibility (thehackernews.com)
Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar
Europe subjected to Mispadu trojan attacks | SC Media (scmagazine.com)
YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)
The Biggest Takeaways from Recent Malware Attacks (bleepingcomputer.com)
Thousands of Australian Businesses Targeted With RAT (darkreading.com)
Mobile
This new phishing attack targets iPhone and Android alike via RCS | TechRadar
2 wireless protocols expose mobile users to spying — the FCC wants to fix that - Nextgov/FCW
Location tracking and the battle for digital privacy - Help Net Security
How and why to enable Stolen Device Protection on your iPhone (idownloadblog.com)
Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Porsche Kills Two More Models Due to Cyber Security Regulations - autoevolution
UK Encouraged to Prioritise Cyber Security with Electric Vehicle Charging Points - Electrical Times
Data Breaches/Leaks
Highly sensitive files mysteriously disappeared from EUROPOL headquarters (securityaffairs.com)
Almost 2.9M impacted by Harvard Pilgrim Health Care breach | SC Media (scmagazine.com)
Ivanti-linked breach of CISA potentially affected more than 100,000 individuals | CyberScoop
Prudential Insurance says data of 36,000 exposed during February cyber attack (therecord.media)
Hotel Self Check-In Kiosks Exposed Room Access Codes - Security Week
Nearly 1M medical records feared stolen from City of Hope • The Register
SurveyLama data breach exposes info of 4.4 million users (bleepingcomputer.com)
Cyber criminals steal data of around 700,000 Apotheka pharmacy customers | News | ERR
PandaBuy data breach allegedly impacted +1.3M customers (securityaffairs.com)
OWASP discloses breach due to a Wiki web server misconfig • The Register
US cancer center data breach exposes info of 827,000 patients (bleepingcomputer.com)
Organised Crime & Criminal Actors
Escalating malware tactics drive global cyber crime epidemic - Help Net Security
Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week
Rise of non-tech hackers: new era of cyber threats - VnExpress International
India rescuing citizens forced into cyber fraud schemes in Cambodia | Reuters
Cyber criminal adoption of browser fingerprinting - Help Net Security
With just $700 and a Raspberry Pi — you too can become a cyber criminal | TechRadar
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX founder Sam Bankman-Fried sentenced to 25 years for crypto fraud (cnbc.com)
$1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)
Insider Risk and Insider Threats
Human risk is the top cyber threat for IT teams - Help Net Security
Instilling the Hacker Mindset Organisation wide (darkreading.com)
Insurance
Can cyber insurance help secure business? | Mint (livemint.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Supply Chain and Third Parties
Cloud/SaaS
How much does cloud-based identity expand your attack surface? - Help Net Security
Who owns your data? SaaS contract security, privacy red flags | CSO Online
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
Identity and Access Management
Linux and Open Source
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking (thehackernews.com)
Red Hat warns of backdoor in XZ tools used by most Linux distros (bleepingcomputer.com)
A new XZ backdoor scanner will be able to safeguard any Linux binary from threats (msn.com)
What we know about the xz Utils backdoor that almost infected the world | Ars Technica
Malicious xz backdoor reveals fragility of open source • The Register
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)
German state switches to LibreOffice, promises Windows move • The Register
Passwords, Credential Stuffing & Brute Force Attacks
Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)
American fast-fashion firm Hot Topic hit by credential stuffing attacks (securityaffairs.com)
Social Media
WhatsApp was down in Meta’s second big outage this year | TechCrunch
YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)
Malvertising
Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar
New Chrome feature aims to stop hackers from using stolen cookies (bleepingcomputer.com)
Training, Education and Awareness
Human risk is the top cyber threat for IT teams - Help Net Security
Instilling the Hacker Mindset Organisation wide (darkreading.com)
Regulations, Fines and Legislation
Ransomware incidents reported to UK financial regulator have doubled - Digital Journal
EU's reimagined NIS 2 cyber security vision to go live (electronicspecifier.com)
6 business benefits of data protection and GDPR compliance | TechTarget
Treasury accuses banks of 'insufficient data sharing' on fraud | American Banker
A CISO's Guide to Materiality and Risk Determination (darkreading.com)
Models, Frameworks and Standards
Using the NIST CSF for Strong Cyber Security Compliance | NAVEX - JDSupra
NIST And CISA: 13 Must-Review Resources For SMBs (forbes.com)
Are businesses prepared for the CSF 2.0 challenge? - Digital Journal
Backup and Recovery
World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)
Data protection vs. data backup: How are they different? | TechTarget
Data Protection
6 business benefits of data protection and GDPR compliance | TechTarget
How to conduct a data privacy audit, step by step | TechTarget
Data protection vs. data backup: How are they different? | TechTarget
Careers, Working in Cyber and Information Security
The Complexity and Need to Manage Mental Well-Being in the Security Team - Security Week
Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ
Unlocking Cyber Security Success: The Importance of Certifications - ClearanceJobs
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Are you okay? Understanding the world of a CISO | CSO Online
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Wars prompt questions for facial recognition providers, and obscure the answers | Biometric Update
UN Peace Operations Under Fire from State-Sponsored Hackers (darkreading.com)
Nation State Actors
China
UK minister confirmed as 12th target in Westminster ‘spear-phishing’ scandal – POLITICO
Pulling the Curtain Back on China’s Cyberespionage (informationweek.com)
MPs challenge government claims China cyber attack was unsuccessful (ft.com)
Chinese hackers turn to AI to meddle in elections | CyberScoop
UK, Czech ministers among China’s hacking targets – POLITICO
Security fears over supercomputer deal with Chinese firm Lenovo (thetimes.co.uk)
Russia
Ukraine gives award to foreign vigilantes for hacks on Russia - BBC News
STA: Russian hackers take responsibility for cyber attack on Slovenia
Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny | CNN Politics
Russian network that 'paid European politicians' busted, authorities claim - BBC News
Russia charges suspects behind theft of 160,000 credit cards (bleepingcomputer.com)
Iran
Iran's Evolving Cyber Enabled Influence Operations to Support Hamas (darkreading.com)
Satellite Cyber Security, Iran, and the Israel-Hamas War | Geopolitical Monitor
North Korea
Vulnerability Management
CVE and NVD - A Weak and Fractured Source of Vulnerability Truth - Security Week
Attack Surface Management vs. Vulnerability Management (thehackernews.com)
Vulnerabilities
Are You Affected by the Backdoor in XZ Utils? (darkreading.com)
Red Hat issues urgent alert for Fedora Linux users due to malicious code (betanews.com)
Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)
Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)
Cisco addressed high-severity flaws in IOS and IOS XE software (securityaffairs.com)
Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure (thehackernews.com)
Apple GoFetch was caused by an obsession with speed • The Register
Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! - Security Week
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (thehackernews.com)
Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems - Security Week
Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)
Splunk Patches Vulnerabilities in Enterprise Product - Security Week
JetBrains fixes 26 'security problems,' offering no details • The Register
Tools and Controls
RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)
New XZ backdoor scanner detects implant in any Linux binary (bleepingcomputer.com)
The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)
How much does cloud-based identity expand your attack surface? - Help Net Security
How Pentesting-as-a-Service can Reduce Overall Security Costs (bleepingcomputer.com)
Building a cyber security risk assessment template - Security Boulevard
Microsoft unveils safety and security tools for generative AI | InfoWorld
The Biggest Mistake Security Teams Make When Buying Tools (darkreading.com)
World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
Can cyber insurance help secure business? | Mint (livemint.com)
71% Website Vulnerable: API Security Becomes Prime Target for Hackers - Security Boulevard
Old Technology, New Tricks: Why DNS Is Still A Major Security Target (forbes.com)
Cyber Risk Management: A Beginner's Guide - Security Boulevard
Microsoft Entra Recommendations adds several more for better user security - Neowin
A CISO's Guide to Materiality and Risk Determination (darkreading.com)
Attack Surface Management vs. Vulnerability Management (thehackernews.com)
Why a Cloud Security Platform Approach is Critical | Trend Micro (US)
The Importance Of Physical Cyber Security Testing (forbes.com)
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Human risk is the top cyber threat for IT teams - Help Net Security
Data protection vs. data backup: How are they different? | TechTarget
SIEM Implementation: Strategies and Best Practices | MSSP Alert
Is Windows Defender All the Antivirus Protection You Need? (makeuseof.com)
Other News
Cyber Attacks Wreaking Physical Disruption on the Rise (darkreading.com)
Cyber Safety Review Board: Microsoft security culture 'inadequate' (geekwire.com)
Microsoft slammed for lax infosec that led to Exchange crack • The Register
Infosec professionals praise CSRB report on Microsoft breach | TechTarget
76% of consumers don't see themselves as cyber crime targets - Help Net Security
Shielding the lifelines: Protecting energy and infrastructure from cyber threats (betanews.com)
Cyber Security Statistics In 2024: Is Your Law Firm Protected? - Above the Law
Sellafield nuclear waste dump faces prosecution over cyber security failures (bitdefender.com)
Australia Doubles Down On Cyber Security After Attacks (darkreading.com)
Furry Hackers Use Church's Money To Buy Inflatable Sea Lions (dailydot.com)
Windows 10 Support Deadline: Your Guide to Extended Security Updates (ESU) (mspoweruser.com)
Healthcare's cyber resilience under siege as attacks multiply - Help Net Security
Rise of non-tech hackers: new era of cyber threats - VnExpress International
Why Cultural Institutions Are Rich Targets for Cyber Attackers (informationweek.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 December 2023
Black Arrow Cyber Threat Intelligence Briefing 15 December 2023:
-MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment
-Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions
-Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies
-81% of Companies had Malware, Phishing and Password Attacks in 2023
-Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors
-Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact
-Why Cyber Security Is a Competitive Advantage: Reaching Digital Success
-Ransomware-as-a-Service: The Growing Threat You Can't Ignore
-66% of Employees Prioritise Daily Tasks Over Cyber Security
-Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days
-Who Is Responsible for Cyber Security? You.
-Many Popular Websites Still Cling to Password Creation Policies From 1985
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
MPs say UK Could be Brought to Standstill ‘At Any Moment’ as Scathing Report Calls for Greater Security Investment
According to the UK Parliament’s Joint Committee on the National Security Strategy (JCNSS), the UK is one of the most targeted countries in the world for cyber attacks, predominantly coming from Russian-linked threat actors. The report describes the UK as being at high risk from catastrophic ransomware attacks, and warns that the country could face significant challenges in managing future attacks.
Further, the report noted that the UK’s regulatory frameworks are insufficient and large amounts of national infrastructure are still vulnerable to ransomware because of their reliance on legacy IT systems.
Sources: [ITPro] [Emerging Risks Media Ltd]
Gartner Finds 45% of Organisations Experienced Third Party-Related Business Interruptions
Despite increased investments in third-party cyber security risk management (TPCRM) over the last two years, 45% of organisations experienced third party-related business interruptions, according to a new Gartner survey. This is reinforced by a separate survey, in which 97% of respondents reported having suffered negative impacts from a breach in a third party or supplier partner in the last year; a figure that has remained unchanged for the past three years.
The results show that despite the increase in attention and investments in third party risk management, organisations are not carrying these out in a way that is decreasing the risk.
Sources: [CIR Magazine] [Gartner]
Major Cyber Attack Paralyzes Ukraine's Largest Telecom Operator; Russia Expected to Ramp Up Attacks on Ukraine’s Allies
Ukraine's biggest telecom operator Kyivstar has become the victim of a "powerful hacker attack," disrupting customer access to mobile and internet services. Its mobile app and website were down but they managed to restore some of its landline services on the same day of the attack. 24 million Kyivstar users have been urged to change all passwords following the attack.
So far, two Russia-aligned hacker groups have claimed responsibility for the hack: Killnet and Solntsepek. While Killnet have not provided any evidence of the attack, Solntsepek posted several screenshots of Kyivstar systems that it allegedly hacked, on its Telegram channel. The group said it “destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage, and backup systems”.
Further, Russia is expected to ramp up their cyber campaign efforts targeting Ukraine’s allies as part of the ongoing conflict in the region. Last winter saw an increase in attacks that is likely to be repeated this year. The use of wiper malware to target critical national infrastructure (CNI) outside of Ukraine), similar to the attack on Kyivstar above, is just one tactic that could be deployed to disrupt Western allies’ ability, and motivation, to continue military support to Ukraine.
Sources: [Record Media] [New Voice of Ukraine] [Hacker news] [Infosecurity Magazine] [Gov Info Security]
81% of Companies had Malware, Phishing and Password Attacks in 2023
According to Verizon, 81% of organisations faced malware, phishing and password attacks last year, and these attacks were mainly targeted at users. Further, it was found that 62% percent of companies suffered a security breach connected to remote working. Certainly, attacks are not limited to particular sectors or organisations. Everyone can be a target and it is important to keep that in mind when focusing on securing the organisation; yet despite cyber security affecting everyone, 91% of CEOs/CFOs put the responsibility for cyber security squarely with IT.
Source: [Security Magazine]
Cyber Criminals Hit SMEs With Skills Once Limited to Nation State Actors
According to SentinelOne, mid-sized businesses are being targeted by cyber criminals who are displaying skills previously limited to expert government hackers. Cyber criminals are more organised than ever and have a better understanding of how businesses run; this, paired with technical acumen and AI, has created a difficult environment for medium-sized businesses who don’t possess the budget of a large organisation.
Sources: [Washington Times] [SiliconANGLE]
Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact
The US National Security Agency (NSA), Federal Bureau of Investigation (FBI), and co-authoring agencies warn that the Russian Foreign Intelligence Service (SVR) cyber actors are exploiting a publicly known vulnerability to compromise victims globally, including in the United States and allied countries. To raise awareness and help organisations identify, protect, and mitigate this malicious activity, the authoring agencies have jointly released a Cyber Security Advisory (CSA) on SVR’s exploiting of JetBrain’s TeamCity software, widely used by developers and software providers.
The advisory warns that APT29, the notorious Russian group behind the 2020 SolarWinds hack, are actively exploiting this vulnerability, joining state-sponsored actors from North Korea. The exploit in TeamCity could give attackers enough access to manipulate a software's source code, sign certificates, and compile and deploy processes.
Sources: [NSA] [Dark Reading] [The Register]
Why Cyber Security Is a Competitive Advantage: Reaching Digital Success
In the tech-driven world, cyber security’s importance is paramount for protecting sensitive data and critical systems. Significant increases in vulnerabilities and breaches have led to stricter guidelines and regulations for most sectors; a trend we expect to see increasing with regulations becoming more and more stringent. Increased regulation can only be good for affected industries and sectors to drive increased security.
However, beyond regulatory compliance, cyber security is a critical competitive differentiator and should be seen as such, rather than simply as a tick box exercise to satisfy a regulator or viewed as an increase in regulatory burden. Data breaches can lead to severe financial setbacks and damage to a company's reputation and customer trust. The legal and financial consequences of non-compliance with cyber security regulations are significant.
Building a comprehensive cyber security strategy that includes risk assessments, incident response plans, and proactive measures is essential in this era of rapid vulnerability exploitation. Embracing cyber security is not just a choice but a necessity for success in the digital age.
Source: [Forbes]
Ransomware-as-a-Service: The Growing Threat You Can't Ignore
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cyber security. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS). This latest ransomware business model allows inexperienced hackers to use on-demand tools for attacks, reducing time and cost. They pay a fee, choose a target, and launch an attack with the provider’s tools. The effects of RaaS are starting to be noticed, as a recent survey showed the time from network breach to file encryption has dropped below 24 hours for the first time.
Source: [Hacker News]
66% of Employees Prioritise Daily Tasks Over Cyber Security
According to a recent survey, 66% of respondents stated that completing daily tasks is more crucial than cyber security, such as cyber security training. The tasks that were being prioritised over cyber security training include monthly targets, manager-assigned tasks and emails.
The survey highlights the need for improved cyber security training in organisations, with 64% of employees wanting time for this training during work hours, and 43% referring more engaging methods like videos and interactive sessions. The data suggests a shift from the annual training model, with 29% receiving quarterly training, 13% semi-quarterly, and 11% monthly. Addressing these needs is crucial for cyber security readiness.
Source: [Security Magazine]
Cyber Attack on Irish Utility Cuts Off Water Supply for Two Days
Last week, a cyber attack on a small Irish water utility disrupted the water supply for two days, affecting 180 people. The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed devices or controllers that are either not protected at all or protected by a default password. This follows a warning from the US Government about the CyberAv3ngers group, an Iranian affiliated threat actor, which has been actively attacking water facilities in multiple US states.
Source: [Security Week]
Who Is Responsible for Cyber Security? You.
Cyber security is a concern that should resonate with every member of the C-suite and senior staff because when it fails, the entire business is impacted. Recent examples like the “bleach breach” at Clorox and the cyber attack on MGM Resorts illustrate the financial and reputational consequences of cyber security incidents, with losses estimated in the hundreds of millions of dollars. To effectively address this, C-suite executives and their teams must actively support cyber security initiatives led by CIOs and CISOs. The introduction of new government regulations, such as those from the US Securities and Exchange Commission (SEC), require organisations to swiftly report and manage cyber security incidents, impacting various departments beyond just the security team. To succeed in this environment, organisations must make cyber security information accessible across teams, allocate budgets for cyber security, and view cyber security as a catalyst for innovation and growth rather than a burden. For this to happen every single person within an organisation, from the very top to the very bottom, has a role to play in keeping the organisation secure and no one can think that security is someone else’s job.
Source: [Forbes]
Many Popular Websites Still Cling to Password Creation Policies From 1985
Website security, particularly password creation policies and login practices, requires immediate attention. A study of over 20,000 websites uncovers significant vulnerabilities with 75% of websites permitting passwords even shorter than 8 characters (which was the recommendation all the way back in 2012), and 12% even allow single-character passwords. Furthermore, 40% limit password length to being far shorter than current recommendations, and worse 72% permit dictionary words or known breached passwords.
The study also reveals that a third of websites do not support special characters in passwords. Remarkably, many websites continue to adhere to outdated password policies from 2004 or even 1985, and only 5.5% comply with stricter modern guidelines. This underscores the immediate need for standardising and strengthening password policies across the web, as well as enhancing education and outreach efforts to address these critical security weaknesses. Such passwords can influence people’s password choice, which can then enter the corporate environment. This can lead to their account having a higher risk of compromise, and in turn, risks to the data belonging to the organisation.
Source: [Help Net Security]
Governance, Risk and Compliance
How C-Level Executives Can Increase Cyber Resilience (forbes.com)
Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)
Ex-Uber CSO: Lessons Learned from the Breach and Legal Case (darkreading.com)
The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online
How to Enlist the CFO as a Cyber Security Budget Ally | Mimecast
7 Must-Ask Questions for Leaders on Security Culture | MSSP Alert
Why Cyber Security Is A Competitive Advantage: Reaching Digital Success (forbes.com)
Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur
Tech prediction #2: Businesses will turn to Cyber Security as a Service - Digital Journal
Is Cyber Security as a Service (CSaaS) the Answer? (automation.com)
Threats
Ransomware, Extortion and Destructive Attacks
UK Downplays Ransomware Threat at Its Peril, Says Committee (inforisktoday.com)
Ransomware Groups' Latest Tactic: Weaponized Marketing (inforisktoday.com)
Ransomware-as-a-Service: The Growing Threat You Can't Ignore (thehackernews.com)
Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)
The end of ransomware payments: how businesses fit into the fight | ITPro
OpenText Cyber Security 2023 Global Ransomware Survey | MSSP Alert
Russian banker of Hive ransomware network arrested in Paris (databreaches.net)
US reveals email addresses used to send ransomware demands • The Register
Virtual Kidnapping: The Dark World of Cyber Extortion (govinfosecurity.com)
Ransomware Victims
Kraft Heinz launches investigation after ransomware gang claims to have stolen data - SiliconANGLE
Norton Healthcare disclosed a data breach after ransomware attack (securityaffairs.com)
Insomniac Reportedly Hacked, Blackmailed With Game Leaks And Doxing (thegamer.com)
BAUER Group is operational again after cyber attack | Corporate - EQS News (eqs-news.com)
Phishing & Email Based Attacks
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
39% of security leaders cite phishing as most feared cyber attack | Security Magazine
Quishing is the new phishing: Why you need to think before you scan that QR code | ZDNET
Cyber Criminals Exploit OAuth Apps for BEC, Phishing Attacks (petri.com)
US reveals email addresses used to send ransomware demands • The Register
Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)
Artificial Intelligence
SMEs "losing" battle against AI-powered cyber attacks, say experts - Tech Monitor
ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)
AI in 2024: More business use, more fraud risks | Premium | Compliance Week
Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week
The White House's private fears over the rise of AI in the Middle East (telegraph.co.uk)
Holiday Scams Propelled By Artificial Intelligence | Foodman CPAs & Advisors - JDSupra
Responsibly Implementing AI, the Unstoppable Force (darkreading.com)
How to stop Dropbox from sharing your personal files with OpenAI (cnbc.com)
Malware
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques (thehackernews.com)
Hacker Uses Infostealer Data to Gain Access to Brazil’s Police Portal | Info Stealers
Stealthy Linux rootkit found in the wild after going undetected for 2 years | Ars Technica
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans (thehackernews.com)
Recruiters, beware of cyber crooks posing as job applicants! - Help Net Security
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)
29 malware families targeted 1800 banking apps in 61 countries | Security Magazine
Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar
Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)
Surge in deceptive simplicity exploitation by cyber attackers (securitybrief.co.nz)
Mobile
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)
Apple Testing New Stolen Device Protection Feature for iPhones - Security Week
Hackers outsmart Apple to install keyloggers on iPhones - PhoneArena
Android barcode scanner app exposes user passwords (securityaffairs.com)
New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands (thehackernews.com)
Six of the most popular Android password managers are leaking data | ZDNET
SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users (thehackernews.com)
'5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week
29 malware families targeted 1800 banking apps in 61 countries | Security Magazine
Ten new Android banking trojans targeted 985 bank apps in 2023 (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches (darkreading.com)
DNA companies should receive severe penalties for losing our data | TechCrunch
Why the 23andMe Data Breach Is Such a Disaster (gizmodo.com)
US nuclear research lab data breach impacts 45,000 people (bleepingcomputer.com)
Ubiquiti users claim to have access to other people’s devices (securityaffairs.com)
2.5m people's data lost in Norton hospital ransomware hit • The Register
Dubai’s largest taxi app exposes 220K+ users (securityaffairs.com)
Toyota Financial Services discloses data breach (securityaffairs.com)
DonorView exposes 1M records for unknown time frame • The Register
Dental Plan Administrator Fined $400K for Phishing Breach (govinfosecurity.com)
Organised Crime & Criminal Actors
Cyber Crime Orgs Increasingly Use Human Trafficking to Staff Scam Mills (darkreading.com)
Interpol strikes slavers who force people to scam you online • The Register
Cyber criminals and nation states up their game in persistent global attacks - SiliconANGLE
Dark web forums reveal next year’s cyber security threats - Digital Journal
Trafficking for cyberfraud an increasingly globalized crime, Interpol says (nbcnews.com)
Kelvin Security hacking group leader arrested in Spain (bleepingcomputer.com)
Ransomware most wanted — part 2, LockBit & Clop (techinformed.com)
New cyber crime market 'OLVX' gains popularity among hackers (bleepingcomputer.com)
How cyber criminals are using Wyoming shell companies for global hacks | Reuters
Exploitation of the internet and the mind: How cyber criminals operate | TechRadar
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Startup Ledger Users’ Wallets Drained in Hack - Bloomberg
Ledger says attacker conducted phishing attack on former employee - Blockworks
Insider Risk and Insider Threats
66% of employees prioritize daily tasks over cyber security | Security Magazine
Privilege elevation exploits used in over 50% of insider attacks (bleepingcomputer.com)
Employees are weaponizing private emails with colleagues | Fortune
Insurance
Supply Chain and Third Parties
UK firms increasing their focus on supply chain cyber risk – report - CIR Magazine
Manchester Public Schools Lose $180K to Hacked Vendor (govtech.com)
Software & Security: How to Move Supply Chain Security Up the Agenda (darkreading.com)
Cloud/SaaS
Multi-Cloud vs. Hybrid Cloud: The Main Difference (techtarget.com)
SAP's attempt to migrate security tools to cloud failed • The Register
Cloud engineer wreaks havoc on bank's network after firing • The Register
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
81% of companies had malware, phishing and password attacks in 2023 | Security Magazine
Android barcode scanner app exposes user passwords (securityaffairs.com)
Six of the most popular Android password managers are leaking data | ZDNET
Many popular websites still cling to password creation policies from 1985 - Help Net Security
Social Media
Regulations, Fines and Legislation
Increased Cyber Regulation in the Offing as Attacks Mount (darkreading.com)
ICO Warns of Fines for “Nefarious” AI Use - Infosecurity Magazine (infosecurity-magazine.com)
How European countries are implementing new cyber security framework – EURACTIV.com
Cyber Solidarity Act moves ahead in EU Parliament with key committee vote – EURACTIV.com
Europe Reaches a Deal on the World’s First Comprehensive AI Rules - Security Week
FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure - Security Week
The SEC action against SolarWinds highlights how tough it can get for CISOs | CSO Online
SEC Cyber Security Breach Rule: What it Means for MSSPs | MSSP Alert
Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction | TechCrunch
Government plans to regulate to tackle datacentre threats | Computer Weekly
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Debate Roils Over Extent of Nation-State Cyber Involvement in Gaza (darkreading.com)
Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register
Nation State Actors
China
Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)
Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs (darkreading.com)
China’s cyber intrusions have hit ports and utilities, officials say - The Washington Post
CISA unveils Google Workspace guidelines informed by Chinese breach of Microsoft | CyberScoop
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Security Week
Stealthy new botnet targets VPN devices and routers while staying disguised | TechRadar
China warns its geographic data breach puts industry at risk (techinformed.com)
Russia
Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator (thehackernews.com)
Hackers damaged some infrastructure of Ukraine’s Kyivstar telecom company (therecord.media)
Warning: Russia and China Target Cyber Security Weak Points (govinfosecurity.com)
UK government takes steps to thwart Russia's FSB hackers (techmonitor.ai)
Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign (thehackernews.com)
Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare (darkreading.com)
Ukrainian intelligence takes down Russia's tax system in major cyber warfare operation
Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)
Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (therecord.media)
Russian banker of Hive ransomware network arrested in Paris (databreaches.net)
Iran
Two-day water outage in remote Irish region caused by pro-Iran hackers (therecord.media)
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders (thehackernews.com)
North Korea
Lazarus sub-group targets South Korean defence firms | SC Media (scmagazine.com)
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)
Lazarus Operation Blacksmith Attacking Organisations Worldwide (cybersecuritynews.com)
Think tank report labels NSO, Lazarus, 'cyber mercenaries' • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical (thehackernews.com)
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) - Help Net Security
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws (thehackernews.com)
Adobe Releases Security Updates for Multiple Products | CISA
Chrome 120 Update Patches High-Severity Vulnerabilities - Security Week
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin (bleepingcomputer.com)
'5Ghoul' Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems - Security Week
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (bleepingcomputer.com)
Sophos backports RCE fix after attacks on unsupported firewalls (bleepingcomputer.com)
Russian foreign intelligence service spotted exploiting JetBrains vulnerability (therecord.media)
This is how to protect your computers from LogoFAIL attacks | ZDNET
Over 1,450 pfSense servers exposed to RCE attacks via bug chain (bleepingcomputer.com)
Tools and Controls
Attacks abuse Microsoft DHCP to spoof DNS records • The Register
Balancing AI advantages and risks in cyber security strategies - Help Net Security
What is Cyber security threat intelligence sharing (att.com)
The Cyber Security Conundrum: Best-Of-Breed Vs. Single Pane Of Glass (forbes.com)
Discord adds Security Key support for all users to enhance security (bleepingcomputer.com)
Modern Attack Surface Management (ASM) for SecOps (trendmicro.com)
Cyber Security Attacks Are On the Rise — Is Your Business Prepared? | Entrepreneur
Are business cyber security measures really fit for purpose? - Digital Journal
Which cyber security controls are organisations struggling with? - Help Net Security
Other News
UK must improve cyber risk management in face of catastrophic threats - Emerging Risks Media Ltd
Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)
Is macOS as secure as its users think? | Kaspersky official blog
The 3 Most Prevalent Cyber Threats of the Holidays (darkreading.com)
Over 3,800 Ministry of Defence passes lost or stolen (ukdefencejournal.org.uk)
NCSC CEO Lindy Cameron to step down in 2024 | Computer Weekly
Reflecting On The Evolution Of Cyber Security In 2023 (forbes.com)
Unveiling the Cyber Threats to Healthcare: Beyond the Myths (thehackernews.com)
This is how to protect your computers from LogoFAIL attacks | ZDNET
Polish train maker denies claims it geofenced trains • The Register
Positive Technologies: successful cyber attacks on financial organisations have doubled (zawya.com)
Cyber criminals continue targeting open remote access products - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 08 December 2023
Black Arrow Cyber Threat Intelligence Briefing 08 December 2023:
-Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year
-Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says Government
-NCSC CTO Cyber Security is Essential, Not Optional
-69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs
-75% of Sports Related Passwords are Reused Across Accounts
-Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift
-Ransomware, Vendor Hacks Push Breach Number to Record High
-Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure
-Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?
-US Government Agency Was Hacked Thanks to 'End of Life' Software
-Digital Transformation, Security Implications, and their Effects on The Modern Workplace
-Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach
-Report Reveals Sorry State of Cyber Security at UK Football Clubs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year
A survey of more than 1,200 UK businesses of all sizes across multiple industries conducted by Aviva found that a fifth of UK businesses were victims to cyber attacks in the past year. The report found that businesses were 67% more likely to have experienced a cyber incident than a physical theft and five times more likely to have experienced a cyber attack than a fire.
When it came to the fallout from a cyber attack, 31% of businesses experienced operational disruption and 20% admit to not being confident in knowing what to do should this happen. This lack of confidence rises to more than a quarter (27%) for small businesses, who appear to be the most vulnerable to such a risk. Financially, the average incident was found to cost £21,000, however this figure is likely to be more given the further implications that result from a cyber attack.
Sources: [Insurance Age] [theHRD] [Infosecurity Magazine]
Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says UK Government
The UK government has accused Russia's Federal Security Service (FSB), successor to the KGB, of conducting a prolonged cyber hacking campaign since at least 2015, targeting politicians, journalists, academics, and others through sophisticated attacks that included the creation of false accounts. This accusation, part of a coordinated effort with the US, aims to disrupt FSB operations and raise awareness ahead of major elections. This comes as a recent report by Palo Alto Networks' Unit 42 found that the Russia-linked APT28 group, also known as “Forest Blizzard” or “Fancybear,” has exploited a Microsoft Outlook vulnerability to target European NATO members. Active since 2007 and linked to the Russian military, APT28's recent campaigns have focused on government, energy, transportation, and NGOs in the US, Europe, and the Middle East. These incidents highlight the critical need for enhanced cyber security measures and international cooperation to counter sophisticated and evolving cyber threats, ensuring the security of sensitive sectors and the integrity of global democratic processes.
Sources: [BBC News] [ Security Affairs]
NCSC CTO: Cyber Security is Essential, Not Optional
Ollie Whitehouse, Chief Technology Officer (CTO) of the UK’s NCSC has argued in a recent keynote that extra security features should not be a premium feature, highlighting the importance of vendors adopting a secure-by-design method, rather than implementing security upcharges where vendors charge extra for users to secure their product.
The speech also noted that organisations should utilise the tools that are already available to them, on top of maintaining a focus on user awareness.
Sources: [Infosecurity Magazine] [Dark Reading]
69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs
According to a survey, 75% of respondents reported being targeted by ransomware in the past year, and of those, 69% paid the ransom. 54% of those who paid the ransom, suffered financial ramifications of $100,000 or more. It is unclear whether the research includes further implications such as regulatory fines, loss of work, reputational damage, and cost of down-time.
A separate study found that ransomware attacks costs are directly contributing to rising inflation in the UK, as businesses face an average increase of 17% to their costs following an attack. Cumulatively, 68% of the companies represented in the survey reported they had increased prices by at least 11% as a direct result of suffering an attack. In addition, of those falling victim to ransomware, 70% believed their business would have to close if they suffered another attack. When it came to the time lost to dealing with ransomware, companies took an average of two months to recover from an attack and 16% took between three and six months.
Sources: [ITPro] [Beta News] [Security Magazine]
75% of Sports Related Passwords are Reused Across Accounts
According to a recent Bitwarden report, 33% of Americans have used a sports-themed password. This figure rose to 49% for those ages 18-34. Of those, 75% admitted to using it across multiple accounts. Password re-use a common issue globally: by re-using passwords, users are multiplying the likelihood of being breached by an attacker. Additionally, this can crossover to the corporate environment, where users’ personal breached credentials can be utilised to get into their corporate account.
Sources: [Security Magazine] [Help Net Security]
Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift
As ransomware continues to rise, we can expect groups to evolve their attacks, operating on a larger scale for bigger profits, especially following large-scale supply chain attacks in the past 12 months. Ransomware has solidified its position as the predominant security threat in 2023, with a record number of victims. A recent report highlighted a 46% increase in cyber extortion and ransomware attacks compared to previous years. This trend shows ransomware evolving into a profitable microcosm, akin to a startup ecosystem, with more groups emerging as disruptors and newcomers. In response, organisations are increasingly turning to services that lend-out cryptocurrency, a frequent ransomware payment method. With changing tactics and the formation of new groups, it's crucial for leaders to prepare their 2024 security strategies now, ensuring they have a robust plan in place to counter ransomware threats to their organisations.
Sources: [Barrons] [Help Net Security] [Computer Weekly]
Ransomware, Vendor Hacks Push Breach Number to Record High
The world is experiencing a significant rise in data breaches, reaching a record high with more than 360 million individuals affected in the first eight months of 2023 in the US alone, according to a joint report from Apple and an MIT researcher. This alarming increase includes a notable surge in ransomware attacks, which have escalated by nearly 70% compared to 2022. The healthcare sector is particularly vulnerable, with 60% of organisations reporting ransomware attacks in 2023, an increase from 34% in 2021. The largest health data breach this year impacted 11 million people at HCA Healthcare. A critical factor in these breaches is the exploitation of third-party vendors, as seen in attacks on Progress Software's MOVEit and Fortra's GoAnywhere applications. These incidents highlight the urgent need for organisations to prioritise data security, especially in managing relationships with vendors, to protect sensitive information and mitigate the growing threat of cyber attacks.
Source: [Info Risk Today]
Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure
News of one of the UK’s most high profile nuclear power stations, Sellafield, being hacked, with fears that highly sensitive information has been accessible for years, has led to new calls for the UK to tighten up security of its vital infrastructure. Rather worryingly, The Guardian have added that it discovered that authorities were unaware of its first compromise, but it has been detected as far back as 2015.
Sources: [Emerging Risks]
Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?
Conveyancing firms across the UK faced significant disruption when they discovered blank screens on their computers due to a problem originating from CTS, a cloud hosting provider widely used for legal applications. This unexpected issue led many within these affected firms to hastily purchase new laptops to regain partial access to emails and documents, but their case management systems remained largely inaccessible. Firms had to devise manual workarounds to keep transactions moving, amidst concerns about the safety of client data and funds. While most firms have found ways to progress with exchanges and completions, the reliance on cumbersome manual processes and limited access to client data and financial systems has more than doubled the workload. This situation raises several questions about the preparedness and resilience of paperless (or paper-light) office environments, the adequacy of backup systems, and potential compensation for those inconvenienced. The immediate focus, however, is on collaborative efforts to ensure as many clients as possible can move into their new homes before Christmas.
Source: [Property Industry Eye]
US Government Agency Was Hacked Thanks to 'End of Life' Software
The US Cyber security and Infrastructure Security Agency (CISA) recently issued a warning about two cyber attacks on an undisclosed federal agency, exploiting a vulnerability in outdated Adobe ColdFusion software. This software, now end-of-life, no longer receives updates, leaving the agency vulnerable and unable to apply security patches. The attacks, which occurred in June and July, appeared to be reconnaissance efforts to map the agency's network, with no evidence of malware installation or data exfiltration. However, it's unclear if the same hackers were behind both incidents. Microsoft Defender for Endpoint detected and limited the hackers' activities. This situation underscores the significant risks associated with running end-of-life software, highlighting the need for organisations to update or replace such software to protect against potential cyber threats.
Source:[ TechCrunch]
Digital Transformation, Security Implications, and their Effects on The Modern Workplace
The vast majority of digital transformation projects will have implications for your cyber security, yet too often this is overlooked with the focus on delivery of the project or the functionality it will bring. Thinking about security after the fact is not only more expensive and less efficient, but can also mean dangerous gaps remaining open in the meantime. In this era, where remote work and public network access are prevalent, the lack of a robust cyber security framework significantly undermines the digital transformation process. Continuous employee education on digital threats and proactive cyber security measures are not just add-ons but essential components of a successful digital transformation. As businesses move towards 2024, integrating advanced cyber security practices is as crucial as adopting new technologies for a truly effective and secure digital transformation.
Source:[ Forbes]
Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach
With 90% of the largest energy companies globally experiencing a third-party breach in the past 12 months, it is no wonder the sector is shaken. In the US, 100% of the top 10 US energy providers suffered a breach and in total, 98% of the organisations in the research used at least one third party vendor that had experienced a breach in the last two years.
Third-party breaches are a concern for any organisation. It is important to know who has access to your organisation’s data, and what security controls they have in place to protect it. Organisations can benefit from firstly identifying who has their information and then conducting supply chain risk assessments to understand what information is held and how it is protected.
Sources: [Help Net Security]
Report Reveals Sorry State of Cyber Security at UK Football Clubs
A new report reveals a concerning lack of cyber resilience within UK football clubs, extending from the Premier League downwards. The industry, increasingly targeted by cyber attacks, suffers from a disconnect between the perceived and actual risk levels. Key findings include a general lack of cyber maturity, outdated approaches to cyber security, and a scarcity of dedicated IT and cyber security roles, including Chief Information Security Officers (CISOs). Despite significant financial investments in players, there's reluctance from club boards to allocate sufficient resources for cyber security. The report underscores the need for comprehensive training, increased awareness of security risks across all levels of club operations, and the hiring of dedicated cyber security professionals. This situation calls for an industry-wide standard for cyber security budgets, scaled according to the club's size and turnover, to adequately address these emerging digital threats.
Source: [Computer Weekly]
Governance, Risk and Compliance
A fifth of UK businesses victims of cyber attacks in past year - Insurance Age
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
Digital Transformation And Its Effects On The Modern Workplace (forbes.com)
UK Cyber CTO: Vendors' Security Failings Are Rampant (darkreading.com)
Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)
2024 will see wave after wave of cyber attacks | theHRD (thehrdirector.com)
Doing More With Less: Cyber Security Tools And Budget Efficiency (forbes.com)
Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard
SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)
CISOs are getting more help after cyber attacks, but often it isn't helping | TechRadar
Cyber and remote working: How Covid moved the cursor | Computer Weekly
Why effective cyber security is more important than ever for European family offices | Campden FB
Building cyber-resilience: Security, compliance, governance, and privacy - Digital Journal
Massive Consolidated Lawsuit Blazes Trail for Hacking Litigation (bloomberglaw.com)
Threats
Ransomware, Extortion and Destructive Attacks
69% of organisations facing ransomware attacks paid the ransom | Security Magazine
2023 may have seen highest ransomware ‘body count’ yet | Computer Weekly
Cyber attacks surge in 2023, as millions fall victim to ransomware: Report (yahoo.com)
Ransomware attack costs are driving up inflation in the UK | ITPro
Ransomware ramped up against private sector in November | TechTarget
BlackCat threatens to directly extort vendor's customers • The Register
New wave of ransomware attacks plague US critical infrastructure post-Thanksgiving (axios.com)
How Ransomware Gangs Are Fueling a New Cyber Security Arms Race - Barron's (barrons.com)
Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)
Expert warns of Turtle macOS ransomware (securityaffairs.com)
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (thehackernews.com)
Linux version of Qilin ransomware focuses on VMware ESXi (bleepingcomputer.com)
LockBit Remains Top Global Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)
Wanted: top three most prolific ransomware gangs revealed! (techinformed.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)
Ransomware Victims
60 US credit unions offline after cloud ransomware infection • The Register
'Thousands' affected by cyber attack on conveyancing platform (thenegotiator.co.uk)
Western Isles Council 'counting cost' of November's cyber attack - BBC News
Austal USA Investigates Cyber Attack Claimed by Ransomware Group (darkreading.com)
Almost 440K individuals affected by cyber attack on Proliance Surgeons (WA) | HealthLeaders Media
Phishing & Email Based Attacks
Black Friday phishing attacks, and other cyber security news | World Economic Forum (weforum.org)
US aerospace firm downed by spearphishing attack | SC Media (scmagazine.com)
Booking.com users angry at firm's response to hacks - BBC News
Hershey warns of data breach following phishing attack (therecord.media)
This huge Russian phishing campaign is hitting targets across the world | TechRadar
ChatGPT builder helps create scam and hack campaigns - BBC News
Artificial Intelligence
ChatGPT builder helps create scam and hack campaigns - BBC News
Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law
Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek
How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)
Exploring the impact of generative AI in the 2024 presidential election - Help Net Security
Put guardrails around AI use to protect your org, but be open to changes - Help Net Security
Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek
Proliferation of AI-driven Attacks Anticipated in 2024 (itsecuritywire.com)
Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law
Researchers automated jailbreaking of LLMs with other LLMs - Help Net Security
Malware
Fake WordPress security advisory pushes backdoor plugin (bleepingcomputer.com)
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)
Agent Racoon Backdoor Targets Organisations in Middle East, Africa, and US (thehackernews.com)
Mac users are being targeted again with dangerous malware - here's what to know | TechRadar
Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)
New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand (thehackernews.com)
Hackers switch from email attacks to downloads (therecord.com)
Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)
Mobile
Android users warned about new threat after one victim loses $280K - PhoneArena
December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)
94 Vulnerabilities Patched in Android with December 2023 Security Updates - SecurityWeek
Top mobile password managers could be exposing user details | TechRadar
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)
SpyLoan Android malware on Google Play downloaded 12 million times (bleepingcomputer.com)
Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)
Apple and some Linux distros are open to Bluetooth attack • The Register
Denial of Service/DoS/DDOS
Internet of Things – IoT
EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)
Customizing Cyber Security For Critical Infrastructure In Smart Cities (forbes.com)
Data Breaches/Leaks
23andMe to Book Up to $2M in Cyber Security Breach Expenses - MarketWatch
After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica
23andMe updates user agreement to prevent data breach lawsuits (bleepingcomputer.com)
23andMe confirms hackers stole ancestry data on 6.9 million users | TechCrunch
23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)
Data breach debacle hits yet another UK public sector org • The Register
Fortune-telling website WeMystic exposes 13M+ user records (securityaffairs.com)
Hackers Claim to Have Stolen Data From Naval Shipyard Austal USA (maritime-executive.com)
Hershey warns of data breach following phishing attack (therecord.media)
Nissan is investigating cyber attack and potential data breach (bleepingcomputer.com)
GST Invoice Billing Inventory exposes sensitive data to threat actors (securityaffairs.com)
Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)
Organised Crime & Criminal Actors
Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)
Police Arrests 1000 Suspected Money Mules - Infosecurity Magazine (infosecurity-magazine.com)
Online crime risks are doubling: Are cyber criminal groups starting to merge? - Digital Journal
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korea's state hackers stole $3 billion in crypto since 2017 (bleepingcomputer.com)
Platypus exploiters walk free after claiming to be ‘ethical hackers’ (cointelegraph.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Insider Risk and Insider Threats
Insurance
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)
Brokers urged to deliver cyber threat message (emergingrisks.co.uk)
Hot Topics to Consider for 2024 D&O Questionnaires | Bryan Cave Leighton Paisner - JDSupra
Supply Chain and Third Parties
Third-party breaches shake the foundations of the energy sector - Help Net Security
Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)
60 US credit unions offline after cloud ransomware infection • The Register
Tipalti investigates claims of data stolen in ransomware attack (bleepingcomputer.com)
Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek
BlackCat threatens to directly extort vendor's customers • The Register
Cloud/SaaS
60 US credit unions offline after cloud ransomware infection • The Register
Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk (thehackernews.com)
Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts (thehackernews.com)
More oversight needed for cloud in banking, say regulators - Tech Monitor
Encryption
Cracking Weak Cryptography Before Quantum Computing Does (darkreading.com)
HSBC tests protecting FX trading from quantum computer attacks (yahoo.com)
Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek
Linux and Open Source
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)
Apple and some Linux distros are open to Bluetooth attack • The Register
Passwords, Credential Stuffing & Brute Force Attacks
75% of sports-related passwords are reused across accounts | Security Magazine
New Relic admits attack on staging systems, user accounts • The Register
After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica
23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)
Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)
Top mobile password managers could be exposing user details | TechRadar
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)
More oversight needed for cloud in banking, say regulators - Tech Monitor
Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek
SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)
Interpol Arrests Smuggler With New Biometric Screening Database (darkreading.com)
Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Sellafield nuclear site 'hit by cyber attacks from Russian and Chinese hackers' - Tech Monitor
Sellafield nuclear site under ‘robust scrutiny’ over cyber security fears (telegraph.co.uk)
UK government denies China/Russia nuke plant hack claim • The Register
Russia
Russia hacking: 'FSB in years-long cyber attacks on UK', says government - BBC News
NCSC exposes Russian cyber attacks on UK political processes | Computer Weekly
UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador (therecord.media)
2 Russian intel officers charged with hacking into US and British government agencies (nbcnews.com)
Russia's APT8 exploited Outlook 0day to target EU NATO members (securityaffairs.com)
Fancy Bear goes phishing in US, European high-value networks • The Register
This huge Russian phishing campaign is hitting targets across the world | TechRadar
Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)
Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)
Iran
Breaches by Iran-Affiliated Hackers Spanned Multiple US States, Federal Agencies Say - SecurityWeek
US, Israel Warn of Iranian-Linked Cyber Attacks on Water Systems - Bloomberg
North Korea
Vulnerability Management
CISA says US government agency was hacked thanks to ‘end of life’ software | TechCrunch
CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop
Key drivers of software security for financial services - Help Net Security
Vulnerabilities
Sticking With Windows 10 Instead Of Upgrading? Get Ready To Pay For Security Updates (slashgear.com)
Quick: Update iPhones and Macs – WebKit security hole found • The Register
VMware Patches Critical Authentication Bypass Bug | Decipher (duo.com)
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)
Notepad++ Input Validation Flaw Leads Search Path Vulnerability (cybersecuritynews.com)
December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)
94 Vulnerabilities Patched in Android With December 2023 Security Updates - SecurityWeek
Adobe ColdFusion flaw exploited in US government agency attacks (stackdiary.com)
Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks (thehackernews.com)
Dangerous vulnerability in fleet management software seemingly ignored by vendor | CyberScoop
Future Intel, AMD and Arm CPUs Vulnerable to New 'SLAM' Attack: Researchers - SecurityWeek
Tools and Controls
Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)
How to recover systems in the event of a cyber attack | Computer Weekly
How Financial Institutions Can Navigate the ‘Operational Resilience' imperative (finextra.com)
How to solve 2 MFA challenges: SIM swapping and MFA fatigue | TechTarget
Why you should create a physical security standard for your company (securitybrief.co.nz)
Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard
New 'Pool Party' Process Injection Techniques Undetected by EDR Solutions - SecurityWeek
Best 10 Best Cyber Attack Maps - 2024 (cybersecuritynews.com)
Brokers urged to deliver cyber threat message (emergingrisks.co.uk)
Proactive, not reactive: the path to ensuring operational resilience in cyber security | CSO Online
Cyber Security: How to Demonstrate Resilience and Hygiene - Techopedia
Cyber Security Insurance: Once Optional, Now Essential (informationweek.com)
When Should You Replace A Cyber Security Vendor? (forbes.com)
Are companies falling behind on cyber security awareness training? | CTV News
Other News
NATO’s Flagship Cyber Exercise Concludes In Estonia – Eurasia Review
Ofcom publishes UK age verification proposals • The Register
Microsoft Hires New CISO in Major Security Shakeup - SecurityWeek
US aerospace companies are facing dangerous new cyber attacks | TechRadar
Report reveals sorry state of cyber security at UK football clubs | Computer Weekly
2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks (govtech.com)
Nuclear hack creates rising fears of cyber vulnerability in critical services (emergingrisks.co.uk)
The World Depends on 60-Year-Old Code No One Knows Anymore | PCMag
Public sector has misplaced confidence in cyber security (securitybrief.co.nz)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.